chore(deps): update aquasec/trivy docker tag to v0.69.3 (alauda-v0.34.1) - abandoned

[alaudaa-renovate]

This PR contains the following updates:

Package	Type	Update	Change
aquasec/trivy (source)	final	minor	0.67.2 -> 0.69.3

---

Release Notes

aquasecurity/trivy (aquasec/trivy)

v0.69.3

Compare Source

Changelog

• 6fb20c8 release: v0.69.3 [release/v0.69] (#​10293)
• dabefec fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#​10291)

v0.69.2

Compare Source

Changelog

• cfa322e release: v0.69.2 [release/v0.69] (#​10266)
• 86debce fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#​10267)
• cf3d4cd fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#​10264)
• 6dfd3b0 ci: remove apidiff workflow

v0.69.1

Compare Source

v0.69.0

Compare Source

⚠ BREAKING CHANGES

• misconf: use ID instead of AVDID for providers mapping (#​9752)

Features

• activestate: add support ActiveState images (#​10081) (676709d)
• add AnalyzedBy field to track which analyzer detected packages (#​10059) (1953824)
• cloudformation: add support for Fn::ForEach (#​9508) (d65b504)
• debian: detect third-party packages using maintainer list (#​9917) (effc1c0)
• flag: add JSON Schema for trivy.yaml configuration file (#​9971) (4caf731)
• helm: add sslCertDir parameter (#​9697) (879e4fc)
• julia: enable vulnerability scanning for the Julia language ecosystem (#​9800) (c2f82ad)
• misconf: add action block to Terraform schema (#​10035) (b06ef6d)
• misconf: initial ansible scanning support (#​9332) (9275e15)
• misconf: support for ARM resources defined as an object (#​9959) (92d3465)
• misconf: support for azurerm_*_web_app (#​9944) (37b5da8)
• misconf: Update Azure Database schema (#​9811) (48dfede)
• misconf: use Terraform plan configuration to partially restore schema (#​9623) (5fced3a)
• nodejs: parse licenses from package-lock.json file (#​9983) (b64d5ad)
• php: add support for dev dependencies in Composer (#​9910) (56b59e8)
• report: add Trivy version to JSON output (#​10065) (fe7d20a)
• rocky: enable modular package vulnerability detection (#​10069) (31c4780)
• rootio: Update trivy db to support usage of Severity from root.io feed (#​9930) (d3096e7)
• sbom: exclude PEP 770 SBOMs in .dist-info/sboms/ (#​10033) (07ff788)
• secret: add detection for Symfony default secret key (#​9892) (34baef2)
• vex: support per-repo tls configuration (#​10030) (f809066)
• vuln: skip vulnerability scanning for third-party packages in Debian/Ubuntu (#​9932) (74819bf)

Bug Fixes

• docker: fix non-det scan results for images with embedded SBOM (#​9866) (7f71b57)
• go: use ldflags version for all pseudo-versions (#​10037) (3c0ab97)
• image: race condition in image artifact inspection (#​9966) (18acf4f)
• java: add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#​9880) (809db46)
• java: correctly inherit properties from parent fields for pom.xml files (#​9111) (2933b01)
• java: correctly propagate repositories from upper POMs to dependencies (#​10077) (b9415a3)
• license: normalize licenses for PostAnalyzers (#​9941) (11dd3fa)
• misconf: correct typos in block and attribute names (#​9993) (ac061f8)
• misconf: respect .yml files when Helm charts are detected (#​9912) (18ecf75)
• misconf: safely parse rotation_period in google_kms_crypto_key (#​9980) (a0ecc8e)
• move enum into items for array-type fields in JSON Schema (#​10039) (4e06c3d)
• remove trailing tab in statefulset template (#​9889) (9db123c)
• repo: return a nil interface for gitAuth if missing (#​10097) (036c05b)
• rust: add cargo workspace members glob support (#​10032) (d2dc46a)
• rust: implement version inheritance for Cargo mono repos (#​10011) (47d3103)
• secret: improve word boundary detection for Hugging Face tokens (#​10046) (cdb28ee)
• use canonical SPDX license IDs from embedded licenses.json (#​10053) (c233735)
• vex: add CVE-2025-66564 as not_affected into Trivy VEX file (#​9924) (335cc99)
• vuln: skip vulns detection for CentOS Stream family without scan failure (#​9964) (b46cde0)

Performance Improvements

• misconf: optimize string concatenation in azure scanner (#​9969) (10a50a7)

Code Refactoring

• misconf: use ID instead of AVDID for providers mapping (#​9752) (6462dc8)

v0.68.2

Compare Source

v0.68.1

Compare Source

Bug Fixes

• update cosing settings for GoReleaser after bumping cosing to v3 (#​9863) (c7accc8)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[alaudabot]

🤖 AI Code Review

Property	Value
Model	opencode/minimax-m2.5-free
Style	strict
Issues Found	0
Config Source	centralized
Profile	❌ Not Found
Personalized Prompt	❌ No
Prompt Path	.github/review/profiles/alaudadevops/harbor-scanner-trivy/pr-review.md
Alauda Skills	✅ base-sample-email-draft, base-skill-setup, builders-component-knowledge, builders-confluence, builders-jira, builders-sample-code-review, connectors-explore, connectors-poc-case, connectors-review, connectors-unit-test, connectors-write-user-docs, devops-autodns, devops-bulk-string-replace, devops-candidate-version-supervisor, devops-docker-keyword-analysis, devops-gen-advanced-form-descriptors, devops-go-vuln-fix, devops-knowledge-adoption, devops-refresh-alauda-tags, devops-sync-alauda-github-releases, devops-tekton-dynamic-form-optimizer, devops-tekton-operator-task-e2e, devops-tekton-task-generator, devops-tekton-task-overview-template, devops-tekton-task-version-upgrade, devops-tekton-upgrade-notes, devops-ui-e2e-code-audit, devops-ui-e2e-fix-base-on-report, devops-ui-e2e-regression-and-fix, devops-ui-generate-e2e-from-feature, devops-ui-pre-setup, devops-update-containerfile-digests, devops-upgrade-go
Reviewed at	2026-04-17 05:37:11 UTC

---

Summary

This PR updates the Go version from 1.25.8 to 1.26.2 in go.mod. The PR title indicates it was abandoned. Given this is a minor Go version patch within the same major version and there are no code changes beyond the go.mod version bump, the update appears safe and follows standard Go upgrade practices.

Review Statistics

Category	Count
Critical Issues	0
Warnings	0
Suggestions	0
Files Reviewed	1

Critical Issues

Issues that MUST be addressed before merging (security, bugs, breaking changes)

None

Warnings

Issues that SHOULD be addressed but are not blocking

None

Suggestions

Recommendations for improvement (nice to have)

None

Positive Feedback

• The Go version upgrade follows semantic versioning and uses a stable patch release (1.26.2)
• This is an automated dependency update following project conventions

---

---

ℹ️ About this review

This review was automatically generated using the run-actions workflow.

• Shared prompt: .github/prompts/code-review.md
• Config source: centralized
• Profile path: Not Found
• Profile ref: 70116bce40f93e28716196a4b479fec1049b7950
• No repository-specific prompt configured
• Alauda skills: base-sample-email-draft, base-skill-setup, builders-component-knowledge, builders-confluence, builders-jira, builders-sample-code-review, connectors-explore, connectors-poc-case, connectors-review, connectors-unit-test, connectors-write-user-docs, devops-autodns, devops-bulk-string-replace, devops-candidate-version-supervisor, devops-docker-keyword-analysis, devops-gen-advanced-form-descriptors, devops-go-vuln-fix, devops-knowledge-adoption, devops-refresh-alauda-tags, devops-sync-alauda-github-releases, devops-tekton-dynamic-form-optimizer, devops-tekton-operator-task-e2e, devops-tekton-task-generator, devops-tekton-task-overview-template, devops-tekton-task-version-upgrade, devops-tekton-upgrade-notes, devops-ui-e2e-code-audit, devops-ui-e2e-fix-base-on-report, devops-ui-e2e-regression-and-fix, devops-ui-generate-e2e-from-feature, devops-ui-pre-setup, devops-update-containerfile-digests, devops-upgrade-go

[alaudabot]

The dependency update looks good. Only a minor suggestion noted in the overview about documenting the version update reason, but that's optional. PR is approved for merge.

[alaudaa-renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.